incident

Stryker Attack Wiped Tens of Thousands of Devices, No Malware Needed

Last week's cyberattack on medical technology company Stryker involved the remote wiping of nearly 80,000 employee devices by exploiting Microsoft Intune administrative privileges, but no malware was deployed and no medical devices were affected. The incident, attributed to the Handala group linked to Iran, disrupted internal corporate systems and electronic ordering, with restoration efforts ongoing to resume normal operations.

https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/

The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network

Stryker, a major multinational medical device supplier, confirmed a cyberattack that disrupted much of its Microsoft network, with a hacking group called Handala Hack—linked to the Iranian government—claiming responsibility. The attack, suspected to have involved remote wiping of devices via Microsoft’s InTune tool rather than typical malware, followed recent US and Israeli airstrikes on Iran, suggesting retaliation through cyber means. Despite the disruption, Stryker’s critical medical devices remain operational, though the company has not yet provided a timeline for full recovery.

https://arstechnica.com/security/2026/03/whats-known-about-wiper-attack-on-stryker-a-major-supplier-of-lifesaving-devices/

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

Iran-linked hacktivist group Handala claims responsibility for a data-wiping attack on Stryker, a major medical technology company. The attack forced the shutdown of Stryker's global operations, impacting over 200,000 devices and disrupting supply chains for healthcare providers. The group stated the action was retaliation for a missile strike in Iran that killed many civilians. The incident has raised concerns about cybersecurity in the healthcare sector, as hospitals consider disconnecting from Stryker's services amid the attack.

https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/

How We Hacked McKinsey’s AI Platform

CodeWall's autonomous agent hacked McKinsey's AI platform, Lilli, by exploiting a publicly exposed SQL injection vulnerability, gaining access to sensitive data including 46.5 million chat messages, 728,000 files, and 57,000 user accounts. The agent demonstrated that AI prompts are valuable targets and highlighted security failures in a prestigious firm's system that should have been protected.

https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform

After Outages, Amazon to Make Senior Engineers Sign Off on AI-assisted Changes

Amazon is experiencing a trend of outages, some linked to AI coding tools, prompting a meeting with engineers to address the issue. The company will require a senior engineer's sign-off for AI-assisted changes and focus on improving website availability. AWS also experienced incidents involving AI coding assistants, including a 13-hour interruption of a cost calculator.

https://arstechnica.com/ai/2026/03/after-outages-amazon-to-make-senior-engineers-sign-off-on-ai-assisted-changes/

Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data

A hacker exploited Anthropic’s AI chatbot, Claude, to breach Mexican government agencies, stealing 150 gigabytes of sensitive data, including taxpayer and voter records. The hacker used Claude to identify vulnerabilities, write scripts, and automate data theft, bypassing Claude’s guardrails by posing as a bug bounty hunter. The attack highlights the growing trend of cybercriminals using AI tools to enhance their hacking capabilities.

https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data

Amazon: AI-assisted Hacker Breached 600 FortiGate Firewalls in 5 Weeks

Russian-speaking hacker used AI to breach 600 Fortinet firewalls in 55 countries within five weeks, exploiting weak credentials and exposed interfaces without zero-day exploits. The attack involved automating access and reconnaissance tasks with AI-generated tools, leading to stolen configurations and credentials. Recommendations for FortiGate admins include disabling internet exposure of management interfaces and enabling MFA.

https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/

Wikipedia Blacklists Archive.today, Starts Removing 695,000 Archive Links

The English-language edition of Wikipedia is blacklisting Archive.today after discovering the site altered webpage snapshots to insert the name of a targeted blogger. This alteration, along with the site’s use in a DDoS attack, led to a consensus among Wikipedia editors to remove all links to Archive.today. The decision was influenced by concerns over the site’s reliability and the potential security risks it poses to users.

https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-archive-today-after-site-executed-ddos-and-altered-web-captures/

Eurail Says Stolen Traveler Data Now up for Sale on Dark Web

Eurail's stolen customer data is for sale on the dark web after a breach revealed sensitive records, including names and bank details. The company is investigating the extent of the breach and has notified data protection authorities. Affected customers should be alert for phishing attempts and update their passwords.

https://www.bleepingcomputer.com/news/security/eurail-says-stolen-traveler-data-now-up-for-sale-on-dark-web/

The Cyberattack That Exposed The Fragility Of Digital Heritage

Ransomware attacked the British Library on October 28, 2023, compromising servers, encrypting systems, and exfiltrating about 600 GB of data. The attack exploited vulnerabilities, including lack of multi-factor authentication on an entry point. This incident highlighted systemic issues in cultural institutions: outdated infrastructure, insufficient funding for tech upgrades, and complex network security challenges. In response, the Library initiated a significant overhaul, implementing better network segmentation, robust backup strategies, mandatory cybersecurity training, and elevating cybersecurity to a strategic priority. The incident underscores the risks faced by cultural heritage institutions in a digital age and the need for proactive cyber defense to protect knowledge access.

https://informationsecuritybuzz.com/the-cyberattack-that-exposed-the-fragility-of-digital-heritage/

Cyberattack on Poland’s Power Grid Hit Around 30 Facilities, New Report Says

Cyberattack on Poland's power grid affected ~30 facilities. Attributed to Russian group Sandworm, the attack compromised control systems but did not disrupt power supply. Researchers noted hackers accessed key operational tech but clarity on intent is lacking. This highlights vulnerabilities in distributed energy systems, which are now targeted by sophisticated adversaries.

https://therecord.media/poland-electrical-grid-cyberattack-30-facilities-affected

2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates

Two cybersecurity professionals, Ryan Goldberg and Kevin Martin, pleaded guilty to being affiliates of the BlackCat ransomware gang. They extorted at least five U.S. companies, including a medical device maker, earning $1 million. Both men, along with a third unnamed co-conspirator, used their expertise to commit these attacks while employed at cybersecurity firms.

https://www.databreachtoday.com/2-cyber-pros-admit-to-being-blackcat-ransomware-affiliates-a-30415

Scroll to Top